Archives

Blow me down (that’s enough piratical merriment – ed) it’s a tech post. These don’t come along very often, but when they do they tend to draw a lot of attention and comment. This is because :

The web is (obviously) full of tech geeks. We were in the internets long before all you normal people got here, long before there was even a web.

All tech geeks believe that they know tech much better than all other tech geeks, even when the evidence stands clearly against them.

See below.

Duty Calls

So it is with a certain amount of trepidation that I venture in the frosty waters of the ‘illegal file sharing’ meme, which I have no doubt is already the subject of bitter infighting in the techier parts of the blogosphere that I tend to avoid.

Full disclosure : I am a professional tech geek, part of my job involves reverse engineering security systems and encryption and that sort of thing. Right then, on with the post.

It has been all over the MSM today that once again, the disconnection of ‘illegal’ file sharers is back on the cards, we’ll skip most of what’s actually in the MSM reports, because they employ people who know the square root of fuck all about technology with very few exceptions, and jump straight to the source, a speech given by Lord Mandy of Gobshite at the cringe inducingly named “C&BInet” forum (erm, guys, that would actually expand as ‘candbinet’).

I will try really hard not to fisk to much of it and get to the issues, it’s hard with Mandy, just take this for instance

I’ve been trying to think of the first time that I was really aware of just how seriously Britain’s impact as a creative economy is out of all proportion to its size. I think it was some time in the last decade, probably looking up at Norman Foster’s glass dome for the Reichstag or reflecting on Harry Potter’s decade of global conquest, or maybe it was watching Robbie Williams charm the socks off 15000 Belgians – and at least one Englishman – in Antwerp a few years ago.

Oh, puke. Or was it perhaps while you were dining in Corfu with billionare producer David Geffen, well known file sharing hardliner ? Hard to tell, but since it was only a couple of days afterwards well, I think we can draw our our own conclusions.

Anyway, the upshot is that Mandy now has a hard on for content protection, and when a New Labour type has a hard on for any issue, you just know they’re going to be jizzing out some new legislation so they can be seen to be doing something. When it’s Mandy, you know he’s about to stick his spanner in the works of the market and start twisting it about, and so it came to pass

Now, it seems self-evident to me that trying to evolve new business models against these kind of attitudes is very hard, and I take my hat off to those who have tried. Further investment in new business models is important

Wait for it …

But the Government also has a responsibility to act.

Here it comes …

That is why we have decided to intervene and legislate to tackle the problem of file-sharing

Thar she blows! (avast! – ed)

So, M’Lord, what is it exactly that you intend to propose in your legislation ?

What we will be putting before Parliament is a proportionate measure that will give people ample awareness and opportunity to stop breaking the rules. It will be clear to them that they have been detected, that they are breaking the law and that they risk prosecution. If necessary we have also made it clear that we will go further and make technical measures available, including account suspension. In this case, there will be a proper route of appeal

Ah, the old ‘three strikes’.

Let us not dwell to much further on the emetic speech, lest we start to imagine Mandy’s voice, which is a little like being caressed by the blade of a serial killer, we shall leave it at this last extract.

Neither do we want Internet Service Providers to be unfairly burdened. ISPs and rights holders will share the costs, on the basis of a flat fee that will allow both sides to budget and to plan.

Which pretty much sums up the kind of market meddling the man thinks is acceptable in one sentence, really.

I haven’t looked yet, but I expect the ISPs will be incandescent about this for several reasons. Avast! I shall have a quick Google …

ISP TalkTalk said the plans were “ill-conceived” and said it was prepared to challenge measures “in the courts”.

“What is being proposed is wrong in principle and won’t work in practice,” the firm said.

“In the event we are instructed to impose extra judicial technical measures we will challenge the instruction in the courts.”

Yeah, pretty incandescent.

Anyhoo, this will all lead to a seriously epic fail, there are technological reasons, and there are legal reasons. And of course there are economic reasons. With some trepidation of the storm of geek comments about to be flung at me, I will elucidate some of them just far enough to illustrate what a typical FUBAR this will end up as when the relevant legislation passes through parliament. Which it undoubtedly will if Mandy’s gnomes can get it before the house while it’s full of Labour seat warmers.

Technical Fail
Lets cut to the chase and skip lightly over the details, which I can fill in later if anyone decides they care. It is not technically possible to implement an automated solution that will work at the level of a large ISP. It simply isn’t. Let no one tell you different. The ISPs know this.

The problem is that you have to be able to identify illegal content. There are a number of ways of going about this, some cleverer than others, but none (so far) that can’t be subverted. All of these, even the clever ones, rely on being able to intercept (note that word) the traffic flowing through the network and then perform some processing on it to see what’s in it. Then if it looks like it might be some file sharing traffic, perform some more processing on it to see if it’s protected content. The cleverer the method, the more processing is needed. More processing means more processors. Which means more money. And more electricity, which also means more money. And more air conditioning to stop the whole lot catching on fire. Which means even more money, and even more electricity, and even more money for electricity. And so on.

Quite apart from which, even the cleverest methods like ‘acoustic fingerprinting‘ require an unencrypted stream of traffic to work with. Once you introduce end to end encryption into the mix, your clever technical solution has stopped working and you are left with a warehouse full of hot, noisy, power consuming paperweights. Epic fail. Encryption is already available in most P2P file sharing clients.

As it is, from the bum gravy I have seen in the MSM, the proposed technical solution is not even that clever. We shall not examine it in any detail, because it will almost certainly be freshly minted bullshit dreamed up by some bright some thing in Mandy’s employ and wilfully misinterpreted by the retards who deign to call themselves technology journalists. We may return to the subject once the proper tech media have had a chew on it. No, let us skip lightly over to the next issue.

Seriously Epic Legal Fail
We can sum half of this up in a single word. RIPA. Ok, that’s an acronym, RIPA is the Regulation Of Investigatory Powers Act 2000.

Without digging through the minutiae, much of which is tedious beyond belief, RIPA makes what Mandy wants the ISPs to do illegal. Put simply, an ISP is allowed to look at as much of your network traffic as is required for them to deliver it properly, anything further than that is classed as an interception (remember that word from earlier ?).

Interception without a warrant is serious offence, worth up to five years at Brenda’s pleasure, and while some ISPs have Phorm for playing fast and loose with these regulations at the behest of the Home Office, they don’t have any particular urge to get into the business of mass interception.

RIPA neophytes please note that interception is not the same as looking at your ‘communications data’, which you can do with a note from your mum.

More importantly from the ISPs’ point of view is the catchily titled Electronic Commerce (EC Directive) Regulations 2002. Again, avoiding the gory detail, which is all in there if you want it, this piece of EU legislation essentially indemnifies ISPs against claims for, e.g., libel in the case that some libellous material is transmitted across their network.

ISPs are naturally very keen to keep this indemnity, because if they don’t, some waste of oxygen horse fuckers libel law firm like Carter-Ruck will sue them all to oblivion then next time someone puts up a blog post.

The catch is, though, that the definition of an Internet Service Provider in the regs is very tight, and intercepting traffic to look for illegal file sharing traffic falls explicitly outside it. Currently ISPs skim very close to the edge in implementing the Internet Watch Foundation’s kiddy porn blacklist. That’s just about allowed, because of vagaries in the technical implementation and because it’s a child protection issue. No one has the guts to challenge child protection issues. Of which much more later.

Anyway, that’s by the by. It would be a bloody impressive piece of legislation that could rewrite the EU regs, and I’d like to see it. It would have to start off something like “We hereby secede from the European Union”.

So basically, Mandy’s super legislation will have to modify the RIPA definition of interception, and then either modify or repeal the EU regs, or make the ISPs relinquish their ‘mere conduit’ status, thus exposing them to so much liability that we may as well switch the internet off the day the bill passes.